VYPR

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Abstraction: Base. Status: Incomplete.

Description

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (129)

page 6 of 7
  • CVE-2025-54287 (Oct 2, 2025)
    risk 0.00 | cvss | epss 0.00

    Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

  • CVE-2025-59340 (Sep 17, 2025)
    risk 0.00 | cvss | epss 0.02

    jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input…

  • CVE-2025-57811 (Aug 25, 2025)
    risk 0.00 | cvss | epss 0.01

    Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has…

  • CVE-2025-49142 (Jun 10, 2025)
    risk 0.00 | cvss | epss 0.00

    Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links,…

  • CVE-2025-49136 (Jun 9, 2025)
    risk 0.00 | cvss | epss 0.01

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, enable capturing of env variables on the host. While this may not be a…

  • CVE-2025-46731 (May 5, 2025)
    risk 0.00 | cvss | epss 0.01

    Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be…

  • CVE-2024-8238 (Mar 20, 2025)
    risk 0.00 | cvss | epss 0.01

    In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain…

  • CVE-2025-27516 (Mar 5, 2025)
    risk 0.00 | cvss | epss 0.00

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker…

  • CVE-2024-36694 (Dec 18, 2024)
    risk 0.00 | cvss | epss 0.01

    OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.

  • CVE-2024-55660 (Dec 11, 2024)
    risk 0.00 | cvss | epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access…

  • CVE-2024-45053 (Sep 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants…

  • CVE-2024-42356 (Aug 8, 2024)
    risk 0.00 | cvss | epss 0.01

    Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows access to current language and currency information. The context object also allows switching, for a short time, the scope of…

  • CVE-2024-42355 (Aug 8, 2024)
    risk 0.00 | cvss | epss 0.01

    Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages triggered inside this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string, the feature flag name to silence, but this parameter is not…

  • CVE-2024-35191 (May 20, 2024)
    risk 0.00 | cvss | epss 0.00

    Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a…

  • CVE-2024-28116 (Mar 21, 2024)
    risk 0.00 | cvss | epss 0.06

    Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server…

  • CVE-2024-21624 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.00

    nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into…

  • CVE-2023-5764 (Dec 12, 2023)
    risk 0.00 | cvss | epss 0.01

    A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying…

  • CVE-2023-6709 (Dec 12, 2023)
    risk 0.00 | cvss | epss 0.01

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

  • CVE-2023-46245 (Oct 31, 2023)
    risk 0.00 | cvss | epss 0.01

    Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig…

  • CVE-2023-41047 (Oct 9, 2023)
    risk 0.00 | cvss | epss 0.01

    OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use…